Diffstat (limited to 'roles/apps/onlyoffice/instance')
-rw-r--r--roles/apps/onlyoffice/instance/tasks/main.yml88
-rw-r--r--roles/apps/onlyoffice/instance/templates/pod-spec.yml.j275
2 files changed, 163 insertions, 0 deletions
diff --git a/roles/apps/onlyoffice/instance/tasks/main.yml b/roles/apps/onlyoffice/instance/tasks/main.yml
new file mode 100644
index 00000000..2ca6026d
--- /dev/null
+++ b/roles/apps/onlyoffice/instance/tasks/main.yml
@@ -0,0 +1,88 @@
+---
+- name: prepare storage volume
+ vars:
+ storage_volume: "{{ onlyoffice_instances[onlyoffice_instance].storage }}"
+ include_role:
+ name: "storage/{{ onlyoffice_instances[onlyoffice_instance].storage.type }}/volume"
+
+- set_fact:
+ onlyoffice_instance_basepath: "{{ storage_volume_mountpoint }}"
+
+- name: create onlyoffice database subdirectory
+ file:
+ path: "{{ onlyoffice_instance_basepath }}/postgres"
+ state: directory
+
+- name: create onlyoffice tls subdirectory
+ file:
+ path: "{{ onlyoffice_instance_basepath }}/tls"
+ state: directory
+ mode: 0700
+
+- name: generate/install TLS certificates for publishment
+ vars:
+ x509_certificate_name: "onlyoffice-{{ onlyoffice_instance }}_publish"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ onlyoffice_instances[onlyoffice_instance].publish.zone.certificate_ca_config }}"
+ cert:
+ common_name: "onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_renewal:
+ install:
+ - dest: "{{ onlyoffice_instance_basepath }}/tls/onlyoffice.crt"
+ src:
+ - cert
+ mode: "0400"
+ - dest: "{{ onlyoffice_instance_basepath }}/tls/onlyoffice.key"
+ src:
+ - key
+ mode: "0400"
+ include_role:
+ name: "x509/{{ onlyoffice_instances[onlyoffice_instance].publish.zone.certificate_provider }}/cert"
+
+- name: install pod manifest
+ vars:
+ kubernetes_standalone_pod:
+ name: "onlyoffice-{{ onlyoffice_instance }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ mode: "0600"
+ include_role:
+ name: kubernetes/standalone/pod
+
+- name: configure nginx vhost for publishment
+ vars:
+ nginx_vhost__yaml: |
+ name: "onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"
+ template: generic
+ {% if 'tls' in onlyoffice_instances[onlyoffice_instance].publish %}
+ tls:
+ {{ onlyoffice_instances[onlyoffice_instance].publish.tls | to_nice_yaml(indent=2) | indent(2) }}
+ {% endif %}
+ hostnames:
+ {% for hostname in onlyoffice_instances[onlyoffice_instance].publish.hostnames %}
+ - {{ hostname }}
+ {% endfor %}
+ locations:
+ '/':
+ {% if onlyoffice_instances[onlyoffice_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass: "https://127.0.0.1:{{ onlyoffice_instances[onlyoffice_instance].port }}"
+ {% else %}
+ proxy_pass: "https://{{ ansible_default_ipv4.address }}:{{ onlyoffice_instances[onlyoffice_instance].port }}"
+ {% endif %}
+ proxy_ssl:
+ trusted_certificate: "/etc/ssl/apps-publish-{{ onlyoffice_instances[onlyoffice_instance].publish.zone.name }}/apps-publish-{{ onlyoffice_instances[onlyoffice_instance].publish.zone.name }}-ca-crt.pem"
+ verify: "on"
+ name: "onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"
+ protocols: "TLSv1.2 TLSv1.3"
+ extra_directives: |-
+ client_max_body_size 0;
+ nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
+ include_role:
+ name: nginx/vhost
+ apply:
+ delegate_to: "{{ onlyoffice_instances[onlyoffice_instance].publish.zone.publisher }}"
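Review bot: The postgres data subdirectory created at the "create onlyoffice database subdirectory" task gets no explicit `mode`, so it is created with the controller's umask default (typically 0755) while the sibling tls directory is locked down to 0700; the database files that land there via the hostPath mount are at least as sensitive as the TLS key. The official postgres image may tighten PGDATA itself at startup, but that is not visible here and should not be relied on, so add `mode: 0700` to that task, matching the tls task. Separately, the publish certificate is issued with `x509_certificate_hostnames: []`, i.e. CN only; nginx's `proxy_ssl_verify on` with `proxy_ssl_name` still matches on the CN when no SAN is present, but putting the same name in a SAN (`x509_certificate_hostnames: ["onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"]`, if the x509 role maps that to subjectAltName) avoids depending on that fallback.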
diff --git a/roles/apps/onlyoffice/instance/templates/pod-spec.yml.j2 b/roles/apps/onlyoffice/instance/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..ec70f8c1
--- /dev/null
+++ b/roles/apps/onlyoffice/instance/templates/pod-spec.yml.j2
@@ -0,0 +1,75 @@
+terminationGracePeriodSeconds: 120
+containers:
+- name: documentserver
+ image: "onlyoffice/documentserver:{{ onlyoffice_instances[onlyoffice_instance].version }}"
+ resources:
+ limits:
+ memory: "4Gi"
+ env:
+ - name: "DB_TYPE"
+ value: "postgres"
+ - name: "DB_HOST"
+ value: "127.0.0.1"
+ - name: "DB_PORT"
+ value: "5432"
+ - name: "DB_NAME"
+ value: "onlyoffice"
+ - name: "DB_USER"
+ value: "onlyoffice"
+ - name: "DB_PWD"
+ value: "{{ onlyoffice_instances[onlyoffice_instance].database.password }}"
+ - name: "AMQP_TYPE"
+ value: "rabbitmq"
+ - name: "AMQP_URI"
+ value: "amqp://onlyoffice:{{ onlyoffice_instances[onlyoffice_instance].amqp.password }}@127.0.0.1:5672"
+ - name: "JWT_ENABLED"
+ value: "true"
+ - name: "JWT_SECRET"
+ value: "{{ onlyoffice_instances[onlyoffice_instance].jwt_secret }}"
+ volumeMounts:
+ - name: tls
+ mountPath: /var/www/onlyoffice/Data/certs/
+ readOnly: true
+ ports:
+ - containerPort: 443
+ hostPort: {{ onlyoffice_instances[onlyoffice_instance].port }}
+ hostIP: 127.0.0.1
+
+- name: postgresql
+ image: "postgres:{{ onlyoffice_instances[onlyoffice_instance].database.version }}"
+ args:
+ - postgres
+ - -c
+ - listen_addresses=127.0.0.1
+ env:
+ - name: "POSTGRES_DB"
+ value: "onlyoffice"
+ - name: "POSTGRES_USER"
+ value: "onlyoffice"
+ - name: "POSTGRES_PASSWORD"
+ value: "{{ onlyoffice_instances[onlyoffice_instance].database.password }}"
+ volumeMounts:
+ - name: postgres
+ mountPath: /var/lib/postgresql/data
+
+- name: rabbitmq
+ image: "rabbitmq:{{ onlyoffice_instances[onlyoffice_instance].amqp.version }}"
+ env:
+ - name: "RABBITMQ_NODENAME"
+ value: "rabbit@localhost"
+ - name: "RABBITMQ_NODE_IP_ADDRESS"
+ value: "127.0.0.1"
+ - name: "RABBITMQ_DEFAULT_USER"
+ value: "onlyoffice"
+ - name: "RABBITMQ_DEFAULT_PASS"
+ value: "{{ onlyoffice_instances[onlyoffice_instance].amqp.password }}"
+
+volumes:
+- name: tls
+ hostPath:
+ path: "{{ onlyoffice_instance_basepath }}/tls"
+ type: Directory
+- name: postgres
+ hostPath:
+ path: "{{ onlyoffice_instance_basepath }}/postgres"
+ type: Directory
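Review bot: The documentserver's hostPort is pinned to `hostIP: 127.0.0.1`, but the vhost in tasks/main.yml proxies to `https://{{ ansible_default_ipv4.address }}:{{ port }}` whenever `publish.zone.publisher` is a different host, so the remote-publisher branch can never reach the service. If the remote case is intended, the bind address must follow the same condition, e.g. `hostIP: {% if onlyoffice_instances[onlyoffice_instance].publish.zone.publisher == inventory_hostname %}127.0.0.1{% else %}{{ ansible_default_ipv4.address }}{% endif %}`, and note that this then exposes the port to the whole network segment with only server-side TLS and the JWT secret between it and other hosts, so a host firewall rule limiting it to the publisher is advisable. Also worth a comment above the `env` block: DB_PWD, AMQP_URI and JWT_SECRET are rendered in clear into the manifest, which is acceptable only because the pod manifest is installed with `mode: "0600"` in tasks/main.yml; anyone loosening that mode later leaks all three.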